package com.only4play.common.jwt;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import org.apache.commons.lang3.RandomStringUtils;

import java.util.Date;

/**
 * jwt 工具类
 *
 * @author ruoyi
 */
public class JwtUtils {

    private final static String DEFAULT_SECRET =
        "qXmfHZqWOR4W6cSt2HJWvOSKDb8O0ivabqbpFR65MQFxPqWtjJF4nWW8UwdYABAi"
            + "yv8fzxTYxaxbYQQ8JlFve9bXDEbVIzLqTF1OqGtMdPMEJ4yBGStzAPcmyHCAyHtv"
            + "0KGdSFMS8zifBcbrBVzJ0T6cyG9dQvUSYlCqvBdF680mmnY9k6DpR1zgbdjMroHk"
            + "BRfxBbvzlJSck6rPMm0tx13WVAIez0lVTp2A4384c57oMUjoqNNp1ggDYFS43J6e"
            + "D5WvAiRa9lydLXj5ZX7n7Qsrylbfrw5erswgGoTktGjhfa5P7ymkfD85ppiIYKb6"
            + "TFZbt3NlQwFOqFX3Zt0AmouCOqjhjGOuSwzqkeY5rOUDNw33KgDTjBk1lb2tkmd9"
            + "ocKsdcMRxvan9jHXAkIyFkaHpHOf4hgKJQsvUUCNlNMy5ujS6Szn8OSCJoqZcV7c"
            + "ef5T9AW53qLn0xxClKtlhkTXDrJKal1iyUqkT7iuv8u0g7WNsnaD7ldIwSjrf6Hb"
            + "Ik2uePmv2jEzj6iakoZisCcdt8ktL6x8oFtYhzBoJqb0jto5SwSTwmFowJBOXRhm"
            + "kqrKc9fXzGU2SSOX5ZDx6uF0MoTTkf8JKDH9hChLM1R97FDBCs3WFNIqOIVBZIxR"
            + "oJ3HItiCwWiDMTfzQl76H59cy4kctyebPzN7FiFI8tKkdj8eZ0dw5BfmeFw2xez5"
            + "FFURUjElFB3u3ershE6rUFK0GU3mZtFRIakM68q48oSX0AfpV1pRljVzo1xP6SGY"
            + "N3T9qOh3IMm7qpEWchab0PQN8WxXg4GrjcKu0n12CtEbTnPSkSjkKGCempGC0hVa"
            + "0bh79vDI9a3aq1A9b3AnoMhOVvg7PcEFE9ZBeJqkvcgvvZhut9QNsy0YXPTRGcpY"
            + "8XDVKWVfnVKAZ6ZiDlcr7Ss6hZaTRKD2dc60X7SndLPai929RUDIJ24LkA96hNLm"
            + "lFsHEGW0QQK25xYLPeUS5sxgxMfAzS37fAFq0RtseeHDLOflS0tZipnyhGmHXES7";

    /**
     * 生成token
     *
     * @param username   登录名
     * @param expireTime 过期时间（毫秒）
     * @return
     */
    public static String createToken(String username, long expireTime) {
        return JWT.create()
            .withJWTId(RandomStringUtils.secure().next(12, true, true))//WT 的唯一标识符，在防止重放攻击时非常有用
            .withIssuer("http://auth.only4play.com") //发行者，标识 JWT 的发行者
            .withSubject("20250605") //主题，JWT 所面向的用户或资源的主题
            .withAudience("http://api.only4play.com")//接收者，JWT 预期的接收方
            .withIssuedAt(new Date())//签发时间，指定 JWT 的签发时间，值为 Unix 时间戳
            .withNotBefore(new Date())//生效时间，指定令牌生效的时间，值为 Unix 时间戳
            .withExpiresAt(new Date(System.currentTimeMillis() + expireTime))//过期时间，指定令牌何时过期，值为 Unix 时间戳
            .withClaim("username", username)
            .sign(Algorithm.HMAC256(DEFAULT_SECRET));
    }

    public static void verify(String token) {
        Algorithm algorithm = Algorithm.HMAC256(DEFAULT_SECRET);
        JWTVerifier jwtVerifier = JWT.require(algorithm).build();
        try {
            jwtVerifier.verify(token);
        } catch (TokenExpiredException e) {
            throw new TokenExpiredException("token已过期");
        } catch (JWTVerificationException e) {
            throw new JWTVerificationException("token验证失败");
        }
    }

}
